CVE-2026-42367 PUBLISHED

GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi privilege escalation vulnerability via leak of Administrator credentials

Assigner: GV
Reserved: 26.04.2026 Published: 04.05.2026 Updated: 04.05.2026

A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 6.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	GeoVision Inc.
Product	GV-LPC2011/LPC2211
Versions	Default: unaffected Version V1.10 is affected Version V1.20 is unaffected

Solutions

GeoVision GV-LPC2011/LPC2211 V1.12-260330 has patched the reported vulnerability.

The user may visit the GeoVision website or contact the GeoVision Support team for firmware update.

Credits

Philippe Laulheret of Cisco Talos. finder
Kelly Patterson of Cisco Talos. remediation reviewer
Martin Zeiser of Cisco Talos. coordinator

References

Problem Types

CWE-522 - Insufficiently Protected Credentials CWE

Impacts

CAPEC-37 Retrieve Embedded Sensitive Data